Privacy and Data Security

On January 18, 2022, a New Jersey bill which prohibits employers from making use of tracking devices in vehicles operated by employees without providing written notice was passed into law. See Assembly Bill A3950. Effective April 18, 2022, the law will subject employers that knowingly make use of a “tracking device” in a vehicle used by an employee without providing written notice to the employee to civil penalties not exceeding $1,000 for the first violation and not exceeding $2,500 for the second violation. Id.
Continue Reading New Jersey Law Requires Employers to Provide Notice Before Tracking Vehicles

A new year means new state privacy bills introduced in states across the country.  With two additional states joining California last year with the passage of the Virginia Consumer Data Protection Act and the Colorado Privacy Act, it is likely that more states will join the fray this year in creating a patchwork of comprehensive privacy laws in the United States.

While some states will have these bills under consideration well into the fall, the vast majority of state legislatures will adjourn by early June and thirteen will adjourn before the start of April.

During this early year sprint, there are five general trends that observers will want to keep an eye on in state legislatures.
Continue Reading State Legislative Trends to Watch in 2022

On December 10th, the Federal Trade Commission (FTC) published a Statement of Regulatory Priorities that announced the agency’s intent to initiate rulemakings on issues such as privacy, security, algorithmic decision-making, and unfair methods of competition.
Continue Reading FTC Announces Regulatory Priorities for Both Privacy and Competition

The Kingdom of Saudi Arabia has recently issued its first comprehensive national data protection law.  The Personal Data Protection Law will enter into force on March 23, 2022 and regulates the collection, processing and use of personal data in the Kingdom.

Organizations with operations in the Kingdom or those processing data of Saudi residents will have one year to comply with the new requirements.

Continue Reading Saudi Arabia Issues New Personal Data Protection Law

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (available here).  The draft guidelines are currently subject to a public consultation period that ends on January 31, 2022; interested stakeholders can submit their feedback here.

In this blog post, we provide a brief background on the issues addressed in the draft guidelines, and summarize the key takeaways.

Continue Reading EDPB Publishes Draft Guidelines on Interplay of Article 3 GDPR and the GDPR’s Cross-Border Transfer Rules

As COVID-19 vaccination becomes required in more personal and professional contexts, several different frameworks have emerged that propose both guiding principles and technical requirements for vaccine verification systems, including those developed by the World Health Organization (WHO) and the Good Health Pass Collaborative (GHPC).
Continue Reading COVID-19 Vaccine Verification Frameworks: Emerging Standards Seek to Balance Privacy Concerns With Public Health Benefits

On Thursday, September 2, 2021, the Irish Data Protection Commission (“DPC”) published its decision in the long-awaited inquiry it initiated into the data processing of WhatsApp Ireland Limited (“WhatsApp”) in December 2018.  It finds against WhatsApp, imposing a fine of €225 million.

Continue Reading Irish DPC Finds Against WhatsApp

The California Privacy Protection Agency (CPPA), which is responsible for issuing regulations implementing the California Privacy Rights Act (CPRA), has posted its approved discussion draft for seeking public comments in preparation for its CPRA rulemaking activities.  The CPPA indicated that it is particularly interested in receiving comments on the following eight topics:
Continue Reading California Privacy Protection Agency Seeks Comments on Preliminary CPRA Issues

There have been many headlines today about the UK Government’s plans to reform UK data protection law. We are still reviewing the (near 150-page) consultation document, but set out below a dozen proposals that we thought might pique the interest of readers of our blog.
Continue Reading 12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law